public List<IParameter> getParas(IHttpRequestResponse messageInfo){ IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); return analyzeRequest.getParameters(); }
private boolean checkParamName(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> parametersByName = analyzedRequest.getParameters() .stream() .filter(p -> p.getName().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return parametersByName.size() > 0; default: return !(parametersByName.size() > 0); } }
private boolean checkParamValue(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> parametersByValue = analyzedRequest.getParameters() .stream() .filter(p -> p.getValue().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return parametersByValue.size() > 0; default: return !(parametersByValue.size() > 0); } }
public Map<String, String> getPara(IRequestInfo analyzeRequest){ List<IParameter> paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 Map<String,String> paraMap = new HashMap<String,String>(); for (IParameter para:paras){ paraMap.put(para.getName(), para.getValue()); } return paraMap ; }
private boolean checkCookieValue(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> cookiesByName = analyzedRequest.getParameters() .stream() .filter(p -> p.getType() == IParameter.PARAM_COOKIE) .filter(p -> p.getName().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return cookiesByName.size() > 0; default: return !(cookiesByName.size() > 0); } }
private boolean checkCookieName(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> cookiesByName = analyzedRequest.getParameters() .stream() .filter(p -> p.getType() == IParameter.PARAM_COOKIE) .filter(p -> p.getName().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return cookiesByName.size() > 0; default: return !(cookiesByName.size() > 0); } }
public byte getSignParaType(IRequestInfo analyzeRequest){ List<IParameter> paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 byte signParaType = -1; for (IParameter para:paras){ if (para.getName().equals(signPara)){ signParaType = para.getType(); } } return signParaType; }
public String getSignParaValue(IRequestInfo analyzeRequest){ List<IParameter> paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 String signParaType = null; for (IParameter para:paras){ if (para.getName().equals(signPara)){ signParaType = para.getValue(); } } return signParaType; }
static ArrayList<String> getParamKeys(byte[] resp, HashSet<Byte> types) { ArrayList<String> keys = new ArrayList<>(); IRequestInfo info = Utilities.helpers.analyzeRequest(resp); List<IParameter> currentParams = info.getParameters(); for (IParameter param : currentParams) { String parsedParam = parseParam(param.getName().replace(':', ';')); if(types.isEmpty() || types.contains(param.getType())) { keys.add(parsedParam); Utilities.log(parsedParam); } } return keys; }
public Map<String, String> getUpdatedParaBaseOnTable(IRequestInfo analyzeRequest){ List<IParameter> paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 Map<String,String> paraMap = getParaFromTable(); for (IParameter para:paras){ if (paraMap.keySet().contains(para.getName())){ if (paraMap.get(para.getName()).contains("<timestamp>")){ paraMap.put(para.getName(), paraMap.get(para.getName()).replace("<timestamp>", Long.toString(System.currentTimeMillis()))); }else { paraMap.put(para.getName(), para.getValue()); //stdout.println(para.getName()+":"+para.getValue()); } } } return paraMap ; }
private SSOProtocol checkRequestForBrowserId(IRequestInfo requestInfo, IHttpRequestResponse httpRequestResponse) { final List<IParameter> parameterList = requestInfo.getParameters(); String host = requestInfo.getUrl().getHost(); if(host.contains("persona.org")){ if (parameterListContainsParameterName(parameterList, IN_REQUEST_BROWSERID_PARAMETER)) { markRequestResponse(httpRequestResponse, "BrowserID", HIGHLIGHT_COLOR); return new BrowserID(httpRequestResponse, "BrowserID", callbacks); } } return null; }
private boolean checkRequest(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); long parameterCount = analyzedRequest.getParameters() .stream() .filter( p -> p.getType() == IParameter.PARAM_URL || p.getType() == IParameter.PARAM_BODY) .count(); switch (this.matchRelationship) { case "Contains Parameters": return parameterCount > 0; default: return !(parameterCount > 0); } }
public LinkedHashMap<String, String> getPara(IRequestInfo analyzeRequest){ List<IParameter> paras = analyzeRequest.getParameters(); LinkedHashMap<String,String> paraMap = getParaFromTable();//ӱлȡMapֻҪ¾ͺ for (IParameter para:paras){ if (paraMap.containsKey(para.getName())){ paraMap.put(para.getName(), para.getValue()); } } return paraMap ; }
private IParameter getParameterFromInsertionPoint(IScannerInsertionPoint insertionPoint, byte[] request) { IParameter baseParam = null; int basePayloadStart = insertionPoint.getPayloadOffsets("x".getBytes())[0]; List<IParameter> params = helpers.analyzeRequest(request).getParameters(); for (IParameter param : params) { if (param.getValueStart() == basePayloadStart && insertionPoint.getBaseValue().equals(param.getValue())) { baseParam = param; break; } } return baseParam; }
void getCookieNames(Set<String> cookiesNames) { IRequestInfo requestInfo = BurpExtender.callbacks.getHelpers().analyzeRequest(request); for(IParameter parameter : requestInfo.getParameters()) { if(parameter.getType() == IParameter.PARAM_COOKIE) { cookiesNames.add(parameter.getName()); } } }
private String findReturnTo(IHttpRequestResponse message){ IRequestInfo iri = super.getCallbacks().getHelpers().analyzeRequest(message); List<IParameter> list = iri.getParameters(); String returnTo = null; for(IParameter p : list){ if(p.getName().equals("openid.return_to")){ returnTo = p.getValue(); break; } } return returnTo; }
boolean matchesRequest(IRequestInfo request) throws JSONException { return isEnabled() && matchesTool("Extender") && matchesIParams(request.getParameters()) && matchesUrl(request.getUrl()); }
public void loadRequest(IHttpRequestResponse request){ this.requestResponse = request; IRequestInfo req = burpCallback.getHelpers().analyzeRequest(request); loadData(request.getRequest(), req.getParameters(), req.getHeaders()); }
/** * Find the token associated to the request/response. * @return The token. */ @Override public String findToken() { IRequestInfo iri = super.getCallbacks().getHelpers().analyzeRequest(getMessage()); List<IParameter> list = iri.getParameters(); for(IParameter p : list){ if(p.getName().equals(ID)){ return decode(p.getValue()); } } return "Not Found!"; }
private SSOProtocol checkRequestForSaml(IRequestInfo requestInfo, IHttpRequestResponse httpRequestResponse) { final List<IParameter> parameterList = requestInfo.getParameters(); if (parameterListContainsParameterName(parameterList, IN_REQUEST_SAML_REQUEST_PARAMETER)) { markRequestResponse(httpRequestResponse, "SAML Authentication Request", HIGHLIGHT_COLOR); return new SAML(httpRequestResponse, "SAML", callbacks, getFirstParameterByName(parameterList, "SAMLRequest")); } if (parameterListContainsParameterName(parameterList, IN_REQUEST_SAML_TOKEN_PARAMETER)) { markRequestResponse(httpRequestResponse, "SAML Response Token", HIGHLIGHT_COLOR); return new SAML(httpRequestResponse, "SAML", callbacks, getFirstParameterByName(parameterList, "SAMLResponse")); } return null; }